{"title":"Employing Encryption to Secure Consumer Data","authors":"Karim Toubba","doi":"10.1201/1086.1065898X/46183.15.3.20060701/94187.7","DOIUrl":"https://doi.org/10.1201/1086.1065898X/46183.15.3.20060701/94187.7","url":null,"abstract":"Abstract Businesses have learned that perimeter security is no longer enough to protect critical data, and many are now touting the benefits of encrypting the data held in storage and backup systems. Driven largely by the awareness of security breaches, lawmakers, credit card issuers, and consumers themselves are holding organizations accountable for the protection of personal data. Today, businesses that suffer a security breach in which customer data is lost or stolen face widespread negative publicity, lost business, lawsuits, and fines that can threaten their viability. Although it's easy to immediately think that the storage or backup systems were compromised, it's important to note that, in an analysis of 45 of the reported incidents of data theft that occurred in the first half of 2005, only a small percentage were due to theft or loss of backup tapes. Far more prevalent were incidents in which insiders or outside attackers gained access to sensitive information through application-level attacks — attacks storage-level encryption wouldn't have prevented. This is why it is important for businesses to encrypt data at the Web, application, or database layer. 
Encrypting data as it enters the business, rather than having it stay in a readable state while it is used in various applications throughout the network, protects that data from both internal and external threats.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2006-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86588453","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"E-Mail Archiving: Understanding the Reasons, Risks, and Rewards","authors":"Paul Chen","doi":"10.1201/1086.1065898X/46183.15.3.20060701/94184.4","DOIUrl":"https://doi.org/10.1201/1086.1065898X/46183.15.3.20060701/94184.4","url":null,"abstract":"Abstract Statistics show that as much as 60 percent of business-critical data now resides in e-mail, making it potentially the most important repository of data your company owns. This huge amount of data — which is growing on a daily basis — translates into a significant burden on corporate storage resources.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2006-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"78489719","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The Problem with P2P","authors":"Ken Dunham","doi":"10.1201/1086.1065898X/46051.15.2.20060501/93403.2","DOIUrl":"https://doi.org/10.1201/1086.1065898X/46051.15.2.20060501/93403.2","url":null,"abstract":"Abstract Peer-to-peer (P2P) applications have been one of the hottest things on the market for users — both at home and at the office — in the past few years. Unfortunately, there are many security risks associated with P2P programs, such as Kazaa, eDonkey, and others. Even if a corporation has a policy against P2P applications, it is at an increased risk due to the popularity of such programs and abuse by employees and contractors. This article provides an overview of some of the common threats introduced by P2P applications.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2006-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81018505","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Proactive Security for VoIP Networks","authors":"B. Materna","doi":"10.1201/1086.1065898X/46051.15.2.20060501/93405.4","DOIUrl":"https://doi.org/10.1201/1086.1065898X/46051.15.2.20060501/93405.4","url":null,"abstract":"Abstract The deployment of Voice-over-IP (VoIP), or IP telephony, is accelerating rapidly. Due to the numerous benefits of VoIP systems, including the reduced cost of deployment and management, IP-PBXs are now outselling traditional PBXs and, by 2009, will represent 91 percent of all enterprise phone systems worldwide. As more and more private- and public-sector organizations and service providers plan the migration to VoIP and the associated emerging real-time services, such as IP TV, conferencing, and IP multimedia subsystem (IMS), the need to secure IP communications is becoming increasingly urgent.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2006-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"76312454","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Security Answers the Call","authors":"J. Tiller","doi":"10.1201/1086.1065898X/46051.15.2.20060501/93402.1","DOIUrl":"https://doi.org/10.1201/1086.1065898X/46051.15.2.20060501/93402.1","url":null,"abstract":"Abstract In 1998, I was working in Germany designing a 5,000-site IP security (IPSec) virtual private network (VPN) solution encompassing 125 countries for a logistics company. The options were few. Timestep had the best product during that time, and many other IPSec products were emerging, such as Altiga, Novell's BorderManager, and Checkpoint. Of course, Cisco was very interested but didn't have solid IPSec code. Cisco got involved and insisted that, with a little work, they could have a meaningful solution. This boded well for the client given that they used Cisco for all their networking gear, making the whole philosophy very attractive.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2006-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87383873","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Can VoIP Secure Itself for the Next Technology Wave?: A Look at Assessing Vulnerability in a Converged Environment","authors":"Darrell Epps, S. Tanner, Carl Silva","doi":"10.1201/1086.1065898X/46051.15.2.20060501/93404.3","DOIUrl":"https://doi.org/10.1201/1086.1065898X/46051.15.2.20060501/93404.3","url":null,"abstract":"Abstract As one of the most rapidly emerging communications technologies, Voice-over-IP (VoIP) is gaining momentum as the de facto standard for delivering voice traffic in private networks. According to InfoTech, by 2005, 73 percent of all enterprises will have at least started to implement IP telephony. The total U.S. revenue associated with this newer technology, including systems, services, and applications, will grow significantly from $5.02 billion in 2004 to $17.24 billion in 2009.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2006-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81668479","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Holistic Approach for Managing Spyware","authors":"Xin-gao Luo","doi":"10.1201/1086.1065898X/46051.15.2.20060501/93407.6","DOIUrl":"https://doi.org/10.1201/1086.1065898X/46051.15.2.20060501/93407.6","url":null,"abstract":"Abstract In the past, the main anti-malware targets for IT were viruses and worms. Yet, information privacy and security control are being increasingly challenged by the mushrooming emergence and propagation of spyware, which is one of the perilous cyber-threats confronting the IT community in terms of privacy violation. In general, most people regard spyware as a stealthy transmitter gathering and passing sensitive personal information to a third party over the Internet without awareness or permission. Stafford and Urbaczewski refer to spyware as “a ghost in the machine” [1] due to its surreptitious nature compared to viruses and worms. Warkentin et al. [2] further expand the description by arguing that “spyware is a client-side software component that monitors the use of client activity and sends the collected data to a remote machine.” The rapid penetration of broadband Internet connections, coupled with a wide variety of free software downloads and weakly managed peer-to-peer (P2P) transmissions, has provided a hotbed for the pervasion of spyware. 
Notwithstanding, in the early development stage, spyware has the potential and specificity to surreptitiously trigger more severe calamities than viruses and worms if we don't have comprehensive management and prudent control.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2006-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"90043781","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Eliminating the Volume of Spam E-Mails Using a Hashcash-Based Solution","authors":"K. Curran, J. Honan","doi":"10.1201/1086.1065898X/46051.15.2.20060501/93406.5","DOIUrl":"https://doi.org/10.1201/1086.1065898X/46051.15.2.20060501/93406.5","url":null,"abstract":"Abstract Spam can be defined as unsolicited e-mail, often of a commercial nature, sent indiscriminately to multiple mailing lists, individuals, or newsgroups. Spoofing (Templeton and Levitt, 2003) is a technique often used by spammers to make them harder to trace. Trojan viruses embedded in e-mail messages also employ spoofing techniques to ensure the source of the message is more difficult to locate (Ishibashi et al., 2003). Spam filters and virus scanners can eliminate only a certain amount of spam and also risk catching legitimate e-mails. As the SoBig virus has demonstrated, virus scanners themselves actually add to the e-mail traffic, through notification and bounceback messages. Simple Mail Transfer Protocol (SMTP) is flawed in that it allows these e-mail headers to be faked and does not allow for the sender to be authenticated as the real sender of the message. If this problem can be solved, it will result in a reduction in spam e-mail messages and more security for existing e-mails, and it will allow e-mail viruses to be tracked down and stopped more effectively (Schwartz and Garfinkel, 1998). 
This approach is known as “trusted e-mail.”","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2006-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87100039","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Thinking Beyond Security","authors":"R. Ramanathan","doi":"10.1201/1086.1065898X/46051.15.2.20060501/93408.7","DOIUrl":"https://doi.org/10.1201/1086.1065898X/46051.15.2.20060501/93408.7","url":null,"abstract":"Abstract A competitive business views information technology (IT) as an integral part of itself in achieving the business mission. On the other hand, IT cannot stand up to the service level agreement (SLA) with the business units if it views solutions in an ad hoc way [1]. In a time where the IT as a business enabler and enhancer is the target of unanticipated attacks from various agents, the entity at risk is the business itself and the trust the business has developed so far in the IT [2]. Government initiatives, such as the Critical Infrastructure Protection Act [3], include even the assets owned by private industry, such as those of major banking and energy sectors, as a part of the national asset. They mandate that companies take initiatives to protect and make information resources available, despite possibilities of threats [4].","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2006-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"72899623","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Security of Backup Data","authors":"Tommy Ward","doi":"10.1201/1086.1065898X/45926.15.1.20060301/92683.6","DOIUrl":"https://doi.org/10.1201/1086.1065898X/45926.15.1.20060301/92683.6","url":null,"abstract":"Abstract If your company is like many others, you have put a lot of effort into securing your information systems. You've implemented technology and procedures at great expense, but you may be omitting an important last step: secure off-site storage.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2006-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"75641231","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}